WO2012129637A3 - Method of securing memory against malicious attack - Google Patents

Method of securing memory against malicious attack Download PDF

Info

Publication number
WO2012129637A3
WO2012129637A3 PCT/CA2011/050167 CA2011050167W WO2012129637A3 WO 2012129637 A3 WO2012129637 A3 WO 2012129637A3 CA 2011050167 W CA2011050167 W CA 2011050167W WO 2012129637 A3 WO2012129637 A3 WO 2012129637A3
Authority
WO
WIPO (PCT)
Prior art keywords
heap
memory
buffers
segment
secure
Prior art date
Application number
PCT/CA2011/050167
Other languages
French (fr)
Other versions
WO2012129637A2 (en
Inventor
Grant Stewart Goodes
Original Assignee
Irdeto Canada Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Irdeto Canada Corporation filed Critical Irdeto Canada Corporation
Priority to PCT/CA2011/050167 priority Critical patent/WO2012129637A2/en
Priority to CN201180071247.7A priority patent/CN103827879A/en
Priority to EP11862519.3A priority patent/EP2691861A4/en
Priority to US14/007,475 priority patent/US20140020112A1/en
Publication of WO2012129637A2 publication Critical patent/WO2012129637A2/en
Publication of WO2012129637A3 publication Critical patent/WO2012129637A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023Free address space management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

A method and system for secure dynamic memory management using heap memory, or analogous dynamic memory allocation, that includes initializing a heap memory segment, having a plurality of buffers, within a random access memory. When an allocation request to store data in the heap memory segment is received, one of the buffers is randomly selected. Metadata, containing details of allocated and unallocated buffers of the heap memory segment, is then maintained in a portion of the memory separate from the heap object. According to certain embodiments, the secure heap of the present disclosure can securely implement the functions of those portions of the C/C++ stdlib library related to dynamic memory management, specifically malloc ( ), free ( ) and their variants.
PCT/CA2011/050167 2011-03-30 2011-03-30 Method of securing memory against malicious attack WO2012129637A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
PCT/CA2011/050167 WO2012129637A2 (en) 2011-03-30 2011-03-30 Method of securing memory against malicious attack
CN201180071247.7A CN103827879A (en) 2011-03-30 2011-03-30 Method of securing memory against malicious attack
EP11862519.3A EP2691861A4 (en) 2011-03-30 2011-03-30 Method of securing memory against malicious attack
US14/007,475 US20140020112A1 (en) 2011-03-30 2011-03-30 Method of Securing Memory Against Malicious Attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2011/050167 WO2012129637A2 (en) 2011-03-30 2011-03-30 Method of securing memory against malicious attack

Publications (2)

Publication Number Publication Date
WO2012129637A2 WO2012129637A2 (en) 2012-10-04
WO2012129637A3 true WO2012129637A3 (en) 2012-12-06

Family

ID=46931990

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2011/050167 WO2012129637A2 (en) 2011-03-30 2011-03-30 Method of securing memory against malicious attack

Country Status (4)

Country Link
US (1) US20140020112A1 (en)
EP (1) EP2691861A4 (en)
CN (1) CN103827879A (en)
WO (1) WO2012129637A2 (en)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10311227B2 (en) 2014-09-30 2019-06-04 Apple Inc. Obfuscation of an address space layout randomization mapping in a data processing system
US10311228B2 (en) * 2014-09-30 2019-06-04 Apple Inc. Using a fine-grained address space layout randomization to mitigate potential security exploits
JP6316734B2 (en) * 2014-11-25 2018-04-25 アイシン・エィ・ダブリュ株式会社 Road information statistical system, road information statistical method and computer program
US20160334969A1 (en) * 2015-05-11 2016-11-17 Facebook, Inc. Methods and Systems for Viewing an Associated Location of an Image
US10891167B2 (en) * 2015-12-30 2021-01-12 Siege Technologies, Llc Memory fractionation software protection
CN105810240B (en) * 2016-04-12 2018-08-21 西安紫光国芯半导体有限公司 A kind of large capacity Static RAM and its production method
FR3050844B1 (en) * 2016-04-27 2018-11-23 Morpho METHOD FOR ALLOCATING MEMORY SPACE
US10268601B2 (en) 2016-06-17 2019-04-23 Massachusetts Institute Of Technology Timely randomized memory protection
US10191791B2 (en) * 2016-07-02 2019-01-29 Intel Corporation Enhanced address space layout randomization
US10310991B2 (en) * 2016-08-11 2019-06-04 Massachusetts Institute Of Technology Timely address space randomization
EP3373208A1 (en) * 2017-03-08 2018-09-12 Nxp B.V. Method and system for facilitating reliable pattern detection
US10552847B2 (en) * 2017-03-23 2020-02-04 International Business Machines Corporation Real-time pattern matching of database transactions and unstructured text
CN108733311B (en) * 2017-04-17 2021-09-10 伊姆西Ip控股有限责任公司 Method and apparatus for managing storage system
US10229046B2 (en) 2017-06-01 2019-03-12 International Business Machines Corporation Memory categorization
US10628315B2 (en) 2017-09-28 2020-04-21 Intel Corporation Secure memory repartitioning technologies
WO2020089885A1 (en) * 2018-10-29 2020-05-07 Sternum Ltd. Dynamic memory protection
US11036406B2 (en) * 2019-05-21 2021-06-15 International Business Machines Corporation Thermally aware memory management
US11281513B2 (en) 2019-06-07 2022-03-22 International Business Machines Corporation Managing heap metadata corruption
US20210157738A1 (en) * 2019-11-26 2021-05-27 International Business Machines Corporation Recoverable user cache within recoverable application memory within volatile memory
US12019759B2 (en) * 2021-01-07 2024-06-25 Nxp B.V. Data processing system and method for protecting data in the data processing system
US11687440B2 (en) * 2021-02-02 2023-06-27 Thales Dis Cpl Usa, Inc. Method and device of protecting a first software application to generate a protected software application

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100106920A1 (en) * 2008-10-29 2010-04-29 Microsoft Corporation Data location obfuscation

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100846499B1 (en) * 2006-10-27 2008-07-17 삼성전자주식회사 Method and apparatus for managing memory
US7802232B2 (en) * 2006-03-31 2010-09-21 Microsoft Corporation Software robustness through search for robust runtime implementations
US20080094877A1 (en) * 2006-10-20 2008-04-24 Honeywell International Inc. Faster initialization of dram memory
US7761676B2 (en) * 2006-12-12 2010-07-20 Intel Corporation Protecting memory by containing pointer accesses

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100106920A1 (en) * 2008-10-29 2010-04-29 Microsoft Corporation Data location obfuscation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AGGARWAL: "Thinking Beyond Heap Randomization", 12 February 2009 (2009-02-12), XP008171561, Retrieved from the Internet <URL:http://www.stanford.edu/~agaurav/files/heap.pdf> [retrieved on 20111201] *
KHARBUTLI ET AL.: "Comprehensively and Efficiently Protecting the Heap", ASPLOS'06, 21 October 2006 (2006-10-21), SAN JOSE, CALIFORNIA, USA, XP007912510, Retrieved from the Internet <URL:http://www.ece.ncsu.edu/arpers/Papers/heapserver-asplos06.pdf> [retrieved on 20111201] *

Also Published As

Publication number Publication date
WO2012129637A2 (en) 2012-10-04
US20140020112A1 (en) 2014-01-16
CN103827879A (en) 2014-05-28
EP2691861A2 (en) 2014-02-05
EP2691861A4 (en) 2015-01-14

Similar Documents

Publication Publication Date Title
WO2012129637A3 (en) Method of securing memory against malicious attack
GB2504411A (en) Shared resource and virtual resource management in a networked environment
WO2014033606A3 (en) Systems and methods of memory and access management
GB2492870A (en) Optimizing a file system for different types of applications in a compute cluster using dynamic block size granularity
IN2015DN01544A (en)
WO2011143628A3 (en) Apparatus, system, and method for conditional and atomic storage operations
NZ617451A (en) Stream-based software application delivery and launching system
WO2013148440A3 (en) Managing coherent memory between an accelerated processing device and a central processing unit
TW200951715A (en) Memory system
EP2396730A4 (en) Devices and methods for optimizing data-parallel processing in multi-core computing systems
WO2015192045A3 (en) Precisely tracking memory usage in multi-process computing environment
WO2016044112A3 (en) Efficient data movement within file system volumes
GB201116597D0 (en) Method and system for sharing data between software systems
WO2009023629A3 (en) Memory device and method having on-board address protection system for facilitating interface with multiple processors, and computer system using same
WO2012154838A3 (en) Generating application recommendations based on user installed applications
WO2009124014A8 (en) Cache optimization
GB2493679A (en) Managing write operations to an extent of tracks migrated between storage devices
GB2497235A (en) Apparatus and method for managing software applications using partitioned data storage devices
PH12017500241A1 (en) File access method, device and storage system
WO2015108708A3 (en) Unified memory systems and methods
WO2012024508A3 (en) Systems and methods for securing virtual machine computing environments
EP1589411A3 (en) Managing method for storing subsystem
WO2012044015A3 (en) Method and apparatus for dynamic resource allocation of processing units
ATE520080T1 (en) STORAGE MANAGEMENT
EP4276614A3 (en) Method and system for low latency data management

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 14007475

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2011862519

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11862519

Country of ref document: EP

Kind code of ref document: A2